package cn.com.jonpad.security.config;

import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		//super.configure(http);
		//定制请求的授权规则
		http.authorizeRequests().antMatchers("/").permitAll()
				.antMatchers("/level1/**").hasRole("VIP1")
				.antMatchers("/level2/**").hasRole("VIP2")
				.antMatchers("/level3/**").hasRole("VIP3");
		//开启自动配置的登陆功能，效果，如果没有登陆，没有权限就会来到登陆页面
		http.formLogin();
		//1、/login来到登陆页
		//2、重定向到/login?error表示登陆失败
		//3、更多详细规定
		//4、默认post形式的 /login代表处理登陆
		//5、一但定制loginPage；那么 loginPage的post请求就是登陆
	}

	@Override
	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
		//super.configure(auth);
		auth.inMemoryAuthentication().withUser("jon").password("123456").roles("VIP1","VIP2")
				.and().withUser("ming").password("123456").roles("VIP3");
	}
}
